08-12-2005 05:33 AM - last edited on 12-27-2012 06:28 PM by maikoro
SSL Server Has SSLv2 Enabled Vulnerability port 2381/tcp over SSL
Is the a way to mitigate this by going to SSLv3? I assume this is referring to Systems Manager.
P.S. This thread has been moved from ITRC server mgmt (Insight Manager 7) Forum to ITRC HP Systems Insight Manager Forum - HP Forums Moderator
09-05-2005 06:39 AM
- SSL Server Supports Weak Encryption
- SSL Server Uses Weak Encryption
- SSL Server Has SSLv2 Enabled
- SSL Certificate - Signature Verification Failed
- SSL Certificate - Self-Signed Certificate
- SSL Certificate - Subject Common Name Does Not Match Server FQDN
All of them are caused by the HP System Management Homepage (v188.8.131.52) which listens on SSL port 2381. Is there a way to enable SSLv3 and turn-off SSLv2 and also restrict access to strong encryption only?
I got stuck and it seams it is not possible to disable v2. My attempts to change the config file "C:\hp\hpsmh\conf\smhpd.confâ was without success. The file gets dumped when the SysMgmtHP service starts up. Therefore, I assume configuration settings are hard coded somewhere.
A look at the SSLCipherSuite entry shows that v2 is enabled.
This should be changed to:
12-04-2006 02:22 AM
12-06-2006 09:15 AM